1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Google researchers say Oracle EBR hackers have hit dozens of orga

    From TechnologyDaily@1337:1/100 to All on Friday, October 10, 2025 13:30:08
    Google researchers say Oracle EBR hackers have hit dozens of organizations

    Date:
    Fri, 10 Oct 2025 12:28:00 +0000

    Description:
    The attacks started a lot earlier than previously thought, and bear the hallmarks of multiple threat actors.

    FULL STORY ======================================================================Cl0p ransomware exploited Oracle E-Business Suite, demanding payment from affected organizations Google says attacks began in JulyAugust, before Oracle released a patch for the zero-day FIN11 may be involved, either collaborating with
    Cl0p or inspiring the extortion campaign

    The recent Oracle E-Business Suite cyberattack may have affected dozens of organizations around the world, as Googles researchers shed more light on the currently active extortion campaign.

    News recently broke of numerous executives across American organizations receiving emails apparently originating from the Cl0p ransomware gang. In the emails, the miscreants said they stole sensitive files from the companys Oracle E-Business Suite systems and asked for payment in exchange for
    deleting the files.

    Initial reports suggested that the campaign may have been a bluff, but a few days later Oracle released a patch, addressing a zero-day vulnerability.
    FIN11 and Cl0p

    Googles Threat Intelligence Group (GTIG) has now published a new report
    saying the attacks likely started in the first half of August 2025, weeks before a patch was available. There are also indications that some attacks happened in early July, too.

    In some cases, the threat actor successfully exfiltrated a significant amount of data from impacted organizations, Google said.

    The researchers seem to be a bit confused about who is actually behind this campaign. While the ransom note clearly states that Cl0p is behind it - there is evidence pointing to the involvement of a separate financially motivated group called FIN11.

    The pattern of exploiting a zero-day vulnerability in a widely used
    enterprise application, followed by a large-scale, branded extortion campaign weeks later, is a hallmark of activity historically attributed to FIN11 that has strategic benefits which may also appeal to other threat actors, GTIG
    said in its report.

    It could be a couple of things: either Cl0p is working together with FIN11 on this, sharing tactics, techniques, and procedures, or it just rented out its infrastructure for the campaign. There is also a possibility that FIN11s methodology served as an inspiration for the infamous ransomware collective.

    The actual number of the victims is not yet known.

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. You might also like Ransomware hackers claim Oracle app breach, tell victims
    their data has been stolen Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-researchers-say-oracle-ebr-hacke rs-have-hit-dozens-of-organizations


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)